New FIDO Alliance Design Guidelines: Key takeaways for passkeys and a phishing-resistant user future

The FIDO Alliance is an open industry association launched in 2013 whose mission is to develop and promote authentication standards that help reduce the world’s over-reliance on passwords. Yubico has pioneered the development of FIDO authentication standards that the FIDO Alliance has adopted, working to make the internet safer for all. First published in 2022, the FIDO Alliance Design Guidelines offer data-backed recommendations for designers, engineers, product managers, content strategists, and UX researchers to guide the implementation and expansion of passkey support.

In late May, the alliance released significant updates which include research on passkey management and integrating different passkey types, like synced and device-bound passkeys. Research shows that prominently displaying passkey options within user account settings, alongside other authentication methods, and maintaining consistent styling across platforms with clear messaging effectively motivates users to create and use various passkey types. This approach maximizes adoption as users are more receptive to security actions.

The guidelines emphasize offering a choice between synced and device-bound passkeys (e.g., FIDO security keys like YubiKeys) for flexibility and enhanced security. A unified passkey management UI under “Passkeys” simplifies user interaction.

The guidelines also align with the long-term direction of passkeys. Highlights from additional FIDO research in 2024 show consumer passkey awareness and adoption are on the rise. A majority believe passkeys are more secure (61%) and more convenient than passwords (58%).

Phishing-resistant users: The future of passwordless security

Cybersecurity is designed by people, for people, and can be exploited by people. This is where the concept of a phishing-resistant user comes into focus – it is central in modern cybersecurity, focusing on the human element. With recent advancements in passwordless – and new on-device authentication solutions – the way an organization can establish and manage a user’s identity credential throughout its lifecycle has evolved to address these increasing challenges. In order to truly prevent phishing attacks, organizations must do more than just invest in phishing-resistant authentication – they must instead focus on enabling phishing-resistant users through modern authentication technology.

With awareness of passkeys as a phishing-resistant authentication method on the rise, the focus naturally shifts to the people actually using the technology. As modern and affordable devices proliferate, individuals use personal devices for work emails and work devices for personal tasks. For example, people often possess multiple devices (smartphones, laptops, tablets) across different platforms (Apple, Google, Microsoft) between personal and professional use.

Combining all passkey types in the same interface makes it quick and intuitive to register on a primary device. With research showing that changing behavior requires understanding and motivation, educating users about passkeys within settings can shape attitudes and encourage registration. People need to comprehend and apply advice and must be willing to change their attitudes and intentions. Introducing passkeys in relevant settings helps users adopt them, providing context and increasing engagement.

The YubiKey offers high assurance, high security and convenience: as a single-device passkey (device-bound), you simply plug in your YubiKey and enter a PIN and touch to authenticate — even if you registered on a different device or platform. Your cyber resilience starts with the YubiKey for robust and accessible cybersecurity that delivers phishing-resistant users.

For more information on the new FIDO Alliance Design Guidelines, visit their website here. Ensure the highest security and convenience for your digital accounts with YubiKey and become a phishing-resistant user today – it’s never been easier, with the ability to store up to 100 passkey credentials with the latest YubiKey updates. Visit our store for more information and to purchase keys for your organization.

Talk to our teamTalk to our team

Share this article:


  • Piloting Europe’s future ID: Passkeys securing digital walletsOver the last several years, passkeys have become ubiquitous. They are available on every mobile platform, in every leading browser, as part of all major enterprise IAM solutions, and in most major cloud services. Until wwWallet came along, the only place where passkeys hadn’t yet made an impact is in the rapidly developing world of […]Read moredigital identity walletspasskeysSIROSwwWallet
  • We’re excited for what’s to come – meet us in-person to find out whyIt’s been a busy year for our team, filled with exciting company and product updates aimed at better serving our customers and helping them achieve cyber resilience as AI-driven phishing threats continue evolving globally. Between industry award recognitions and key new executive leadership hires to lead Yubico to its next stage of growth and a […]Read more
  • FIPS certified vs. FIPS compliant: What’s the real difference?“Is your MFA solution FIPS compliant, or is it certified?”  This is a question we hear a lot, and for good reason. In industries where security and compliance are critical (especially in government contracts), understanding the difference between FIPS certified and FIPS compliant isn’t just semantics – it can mean the difference between meeting requirements […]Read moreFIPSNIST
  • 2025 Global State of Authentication survey: A world of difference in cybersecurity habitsIn a world that’s more connected than ever, the landscape of cybersecurity threats is constantly evolving. Bad actors, now supercharged with artificial intelligence (AI), are becoming increasingly adept at exploiting human error through sophisticated phishing and social engineering attacks. This makes robust cybersecurity a universal issue, impacting everyone from individuals to the largest global enterprises. […]Read moreGlobal State of Authenticationsurvey